package servlet;

import dao.BlogDao;
import model.User;

import javax.servlet.ServletException;
import javax.servlet.annotation.WebServlet;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;
import java.io.IOException;

/**
 * @author : niu niu
 * @version : 1.0.0
 * @date : 2023/4/10 12:13
 */
@WebServlet("/delete")
public class DeleteServlet extends HttpServlet {
    BlogDao blogDao = new BlogDao();
    @Override
    protected void doGet(HttpServletRequest req, HttpServletResponse resp) throws ServletException, IOException {
        resp.setContentType("text/html;charset=utf8");
        //不做校验，直接调用接口，无法防御
        HttpSession session = req.getSession(false);
        if (session == null || session.getAttribute("user") == null){
            resp.getWriter().write("用户未登录");
            return;
        }
        User user = (User) session.getAttribute("user");
        if (user==null || user.getId()<=0){
            resp.getWriter().write("用户未登录");
            return;
        }
        String blogIdParam = req.getParameter("blogId");
        if (blogIdParam == null || "".equals(blogIdParam)){
            resp.getWriter().write("blogId 不正确");
            return;
        }
        Integer blogId = Integer.parseInt(blogIdParam);
        blogDao.deleteBlog(blogId);
        resp.sendRedirect("blog_list.html");
    }
}
